Vulnerability Note VU#600724

ZTE F460/F660 cable modems contain an unauthenticated backdoor

Overview

ZTE F460/F660 cable modems contain an unauthenticated backdoor.

Description

ZTE F460/F660 cable modems contain an unauthenticated backdoor. The web_shell_cmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the web_shell_cmd.gch script is sometimes accessible from the WAN interface making exploitation of this backdoor from the Internet possible in certain cases.